X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fpayment_terms.php;h=3a4daf1fe2b0ba9ad3caf8d02c238d11afd99b87;hb=7d9fe15f85c15572535c5fa4555b9a72e9d93f04;hp=24969c94a268301ac5611b8aff46536c0b7bd8c7;hpb=c09be0dad6b05131e240349a375af7a4b7bf3444;p=fa-stable.git

diff --git a/admin/payment_terms.php b/admin/payment_terms.php
index 24969c94..3a4daf1f 100644
--- a/admin/payment_terms.php
+++ b/admin/payment_terms.php
@@ -1,5 +1,14 @@
 <?php
-
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 $page_security = 10;
 $path_to_root="..";
 include($path_to_root . "/includes/session.inc");
@@ -94,7 +103,7 @@ if ($Mode == 'Delete')
 {
 	// PREVENT DELETES IF DEPENDENT RECORDS IN debtors_master
 
-	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = '$selected_id'";
+	$sql= "SELECT COUNT(*) FROM ".TB_PREF."debtors_master WHERE payment_terms = ".db_escape($selected_id);
 	$result = db_query($sql,"check failed");
 	$myrow = db_fetch_row($result);
 	if ($myrow[0] > 0) 
@@ -103,7 +112,7 @@ if ($Mode == 'Delete')
 	} 
 	else 
 	{
-		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = '$selected_id'";
+		$sql= "SELECT COUNT(*) FROM ".TB_PREF."suppliers WHERE payment_terms = ".db_escape($selected_id);
 		$result = db_query($sql,"check failed");
 		$myrow = db_fetch_row($result);
 		if ($myrow[0] > 0) 
@@ -114,7 +123,7 @@ if ($Mode == 'Delete')
 		{
 			//only delete if used in neither customer or supplier accounts
 
-			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator='$selected_id'";
+			$sql="DELETE FROM ".TB_PREF."payment_terms WHERE terms_indicator=".db_escape($selected_id);
 			db_query($sql,"could not delete a payment terms");
 			display_notification(_('Selected payment terms have been deleted'));
 		}
@@ -164,7 +173,7 @@ while ($myrow = db_fetch($result))
     label_cell($full_text);
     label_cell($after_text);
  	edit_button_cell("Edit".$myrow["terms_indicator"], _("Edit"));
- 	edit_button_cell("Delete".$myrow["terms_indicator"], _("Delete"));
+ 	delete_button_cell("Delete".$myrow["terms_indicator"], _("Delete"));
     end_row();
 
 
@@ -186,7 +195,7 @@ if ($selected_id != -1)
 	if ($Mode == 'Edit') {
 		//editing an existing payment terms
 		$sql = "SELECT * FROM ".TB_PREF."payment_terms
-			WHERE terms_indicator='$selected_id'";
+			WHERE terms_indicator=".db_escape($selected_id);
 
 		$result = db_query($sql,"could not get payment term");
 		$myrow = db_fetch($result);